Madhurry



Greetings all,

I am new to this forum and recently uncovered nearly the same thing roses did, but the file MB found was quarantined: VENDOR = Stolen.data - item = C:\WILLYESUN\Appdata\Roaming\SMRBbackup.25.

I have changed all my email and banking passwords and am working on the rest of my password file now. I have run DDS and I will paste and attach (don't know which is better here) the results. I am requesting help on this; it would appear based on other sites that a lot of people have been hit through their firewalls by this mess. I run free avast as primary and MB as secondary. MB was the one that found it!!!!

I have downloaded ComboFix but I want to wait until instructed to run it, until I hear from someone who thinks it's necessary.

Request HELP asap!!!!

Thank you

Madhurry

Greetings to all again,

I decided to run ComboFix after all and got the results, however I am unable to attach the document as I did with the others. Word or Notepad will not open this; I used Notepad++ to open it???

So I am pasting the results here instead.

Thank you for help in advance.

Madhurry

ComboFix 13-05-14.01 - WILLYESUN 05/15/2013 2:44.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5923 [GMT -7:00]

Running from: c:\users\WILLYESUN\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
